Cyber Risk Services

With the proliferation of Internet-enabled devices, cyber culture is growing more rapidly than cyber security. Everything that depends on cyberspace is potentially at risk. Deloitte’s cyber risk practice helps you reduce your exposure to cyber-attacks and respond in a secure, vigilant and resilient manner.

Deloitte’s leading Cyber Risk Services team helps organisations address pressing and pervasive strategic information and technology risks, such as cyber security, data leakage, identity and access management, data security breaches, operational resilience and system outages, privacy and application integrity. We provide industry-tailored solutions, using demonstrated methodologies and tools in a consistent manner, with the goal of enabling on-going, secure and reliable operations across the enterprise.

A daunting global challenge

Given how rapidly cybersecurity threats emerge and change, it can be hard for companies and regulators to keep up. The challenge is especially difficult for global companies, which must constantly combat an endless stream of cybersecurity threats while demonstrating regulatory compliance in all jurisdictions in which they operate.

Companies based in countries that already impose rigorous cyber integrity requirements may have an edge because they have already done a lot of the hard work necessary to clear a very high bar. On the other hand, companies based in countries with less rigorous requirements are most likely behind on the compliance maturity curve and may thus need to do more work to catch up.

Transforming authentication for a digital age

In today’s digital era, identity is a centrepiece for Financial Technology (FinTech) and its drive towards digitisation. In order to support the growing demand for more transactions and applications for banking services online, there is a keen focus on holistic authentication and authorisation solutions to complete a growing variety of digital transactions. Read more in the report.

Cyber security: everybody’s imperative

A guide for the C-suite and boards on guarding against cyber risks

As cyberattacks grow in increasing numbers and complexity, boards and C-suite executives play an important role in shaping the way organisations respond to the new cyber threat landscape. Cyber threat management has become a business and strategic imperative in this digital world. Find out the top 10 questions that boards should be asking about cyber security and resiliency. Deloitte’s Cyber Risk guide is designed to help identify an organisation’s cyber capabilities and evaluate the cyber ‘character’ of the board.

Digital Directors

The board’s role in the cyber world

Cyber security threats are not just for information technology specialists anymore. Today, cyber security is drawing attention from the very top, and it has become a huge concern for corporate boards. The reasons for this board level concern are not hard to understand – a number of organisations have been badly shaken by cyber security breaches and their boards are being held accountable.

Cyber Executive Briefing

Staying ahead in the global marketplace

In the interconnected world today, a cyber attack is no longer a question of ‘if’ or ‘whether’ but ‘when’. The board of directors are often tasked with asking tough questions. Find out what are the top 10 cyber security questions to ask your organisation.

Responding to cyber threats

A change in paradigm

In this changing landscape, a shift must take place to adequately combat the challenge. The old approach has failed many organisations and cost the world billions of dollars. While we expect that advancements in technology will continue to disrupt the way we approach cyber risk, the objectives and principles identified in the paper attempt to provide the basis of the migration model that is still evolving – a must continue to do so. These mitigation are explored in the proposed Deloitte Cyber Security 3.0 model.

Cyber Security

The changing role of audit committee and internal audit

Among the most complex and rapidly evolving issues companies must contend with is cybersecurity. With the advent of mobile technology, cloud computing, and social media, reports on major breaches of proprietary information and damage to organisational IT infrastructure have also become increasingly common, thus transforming the IT risk landscape at a rapid pace.

International media reports on high-profile retail breaches and the major discovery of the Heartbleed security vulnerability posing an extensive systemic challenge to the secure storage and transmission of information via the Internet have shone a spotlight on cybersecurity issues. Consequently, this has kept cybersecurity a high priority on the agenda of boards and audit committees.

Information technology risks in financial services

What board members need to know — and do

Boards’ risk-related responsibilities at financial services companies have intensified, with governance of Information Technology (IT) risk becoming increasingly critical. However, IT risk may be the one risk that the typical financial services board member may be least prepared to oversee. IT risk-related challenges in financial services will grow in number and importance in the years ahead. This paper highlights select IT risks for boards of financial institutions to consider, and suggests strategies they can employ to better oversee them.

Working hand-in-hand with our clients, Deloitte helps organisations plan and execute an integrated cyber approach to harness the power of information networks to enhance business operations, increase mission performance, and improve customer support, without compromising security or privacy.

Our practitioners are focused on specific industries and sectors and they bring a demonstrated depth of knowledge and experience to help our clients solve their information cyber risks. These enterprise-wide security services include:

Security management

This includes developing strategic and tactical information security strategies that are aligned with business, regulatory and risk management requirements.

Identity and access management

We help clients design and implement a comprehensive framework that integrates disparate user identities repository into a common security solution through the deployment of a service-oriented architecture (SOA). The use of SOA allows the flexibility to accommodate additional security services, such as multi-factor authentication.

Vulnerability management

We assist in identification of vulnerabilities through threat modelling and security posture assessments of information systems and networks.

Infrastructure and operations security

We help clients design and deploy a comprehensive and robust secure architecture for the business-driven IT infrastructure.

The (Evolving) Art of Risk Sensing

Risks of the present and future continue to change as the business world evolves with technological advancements and innovations. Risk-sensing capabilities and efforts need to be forward-looking and agile to transform risks arising from economic, market, regulatory and technological evolutions. A crucial component of a company’s risk management process, risk sensing supports risk and impact assessment to address risks across the entire relevant time horizon.

Risk sensing helps companies detect emerging risks to be mitigated before potentially significant damage or costs are incurred. It is also a platform for detecting emerging trends to enhance understanding of risk/reward tradeoffs inherent in value creation to improve resource allocations.

How cyber savvy is your organization?

In today’s environment, with the widespread use of technologies, you can’t be a responsible board member and not be concerned about cyber security. Boards need to inquire about the organization’s cyber strategy, what information the organization exposes to third partners, and the security of the organization’s ecosystem.

Cyber crime fighting

Enterprises have to go on the offense to protect themselves from a rising tide of cyber crime. Collective intelligence and human judgment supported by advanced security analytics can help.

As personal, commercial, and government activities continue to migrate to the digital realm, so do criminals. Large-scale cyber attacks are becoming more frequent and more costly for businesses in the United States. Attackers are better funded, more sophisticated, and better organized than in the past, often representing criminal networks or states. Dozens of US banks have suffered cyber attacks over the last year at the hands of foreign attackers.

As enterprises and government agencies increasingly adopt cloud, mobile, and social computing, information technology (IT) environments are becoming more difficult to defend. Increasingly, organizations need to accept that security breaches are inevitable.

Networked Medical Device Cybersecurity and Patient Safety

Perspectives of Health Care Information Security Executives

Networked medical devices and other mobile health (mHealth) technologies are a double-edged sword: They have the potential to play a transformational role in health care but also may be a vehicle that exposes patients and health care providers to safety and cybersecurity risks such as being hacked, being infected with malware and being vulnerable to unauthorized access.

Patient safety issues—injury or death—related to networked medical device security vulnerabilities are a critical concern; compromised medical devices also could be used to attack other portions of an organization’s network. Click to read more.

Inside Magazine

The world and the environment in which decisions are made are experiencing profound transformations. Consequently, new risks appear, old ones are changing - and the ability to cleverly understand and manage risks will be crucial.

Thus, one year after the last governance, risk management & compliance edition of Inside, this first issue of 2015 points out key topics in these areas. It focuses on the roles and challenges of Boards of Directors, Board Committees, Chief Risk Officers, Chief Information Security Officers, Chief Compliance Officers and Chief Internal Auditors. We hope you will find this publication insightful.

Deloitte named a global leader in cyber security consulting by Kennedy

Deloitte Touche Tohmatsu Limited (DTTL) is pleased to announce that Ken nedy Consulting Research and Advisory, a leading analyst firm, has named Deloitte a global leader in cyber security consulting.

Kennedy’s recently released report, entitled Cyber Security Consulting 2013, addresses clients’ increasing need to seek help from consulting firms to guide them through the complexities of cyber security. As such, the report provides an assessment of cyber security consulting providers in terms of the relative breadth and depth of their cyber security consulting capabilities.

Deloitte Touche Tohmatsu Limited (Deloitte Global) is pleased to announce that Deloitte has been named a “Leader” in Global Risk Management Consulting services by Gartner in its recently released report entitled, Magic Quadrant for Global Risk Management Consulting Services.

The Gartner report evaluated seven global firms and networks on three dimensions of risk management — framework, metrics, and systems. Within the quadrant graphic included in the report, Deloitte member firms’ risk management consulting services were positioned highest on the “ability to execute” axis and furthest on the “completeness of vision” axis.

Deloitte Singapore clinches IBM Security Global Innovation Award

Deloitte Singapore was presented the IBM Security Global Innovation Award 2016 for the hybridisation of IBM’s existing partnership models to establish a Next-Generation Security Operation Center (SOC) to showcase the full capabilities of IBM’s managed services including its complete suite of security products and solutions.

For the first time globally, IBM is working with Deloitte Singapore to successfully conceptualise a hybrid partnership model to build the SOC with low upfront costs and minimal asset investments within Deloitte’s premise. It is also the first time globally the Deloitte Advisory’s Threat Intelligence and Analytics (TIA) services are integrated with an IBM Solution.

Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee (“DTTL”), its network of member firms, and their related entities. DTTL and each of its member firms are legally separate and independent entities. DTTL (also referred to as “Deloitte Global”) does not provide services to clients. Please see About Deloitte to learn more about our global network of member firms.